Shows & Panels
- The 2014 Big Picture on Cyber Security
- AFCEA Answers
- Ask the CIO
- Connected Government
- Consolidating Mission-critical Systems
- Constituent Servicing
- Continuous Monitoring: Tools and Techniques for Trustworthy Government IT
- The Data Privacy Imperative: Safeguarding Sensitive Data
- Eliminating the Pitfalls: Steps to Virtualization in Government
- Federal Executive Forum
- Federal Tech Talk
- Government Cloud Brokerage: Who, What, When, Where, Why?
- Government Mobility
- Mission-critical Apps in the Cloud
- Mobile Device Management
- The Modern Federal Threat Landscape
- The Path from Legacy Systems
- Understanding the Intersection of Customer Service and Security in the Cloud
Shows & Panels
OMB gives agencies more control over financial management systems
Monday - 9/23/2013, 2:30pm EDT
Instead of a strict set of rules around the technology requirements for federal systems, the Office of Management and Budget will rescind Circular A- 127 that governs financial systems, and, through this memo, move and simplify those regulations into Appendix D of Circular A-123.
Sylvia Burwell, director, Office of Management and Budget
In a nutshell, implementing the Federal Financial Management Improvement Act (FFMIA) has become arduous and ended up forcing agencies into costly financial management upgrades.
So now Appendix D is more streamlined. OMB reduced the number of requirements from more than 500 to about 60 that focus on outcome or output.
OMB began to dismantle FFMIA regulations over the last several years. The administration closed down the Federal Systems Integration Office (FSIO) in March 2011 and moved a lot of the oversight and standards work to the Treasury Department's Office of Financial Innovation and Transformation (OFIT).
FSIO, and its predecessor the Joint Financial Management Improvement Program (JFMIP), which stopped approving vendor software several years ago, set requirements for federal financial systems to meet and it took vendors years to gain approval.
Today, OFIT has subsumed much of that work, placing a higher level of focus on shared services and setting financial management standards.
In the memo, Burwell said Appendix D no longer includes the lengthy, resource- intensive financial system software test and certification requirement. It also disposes of the rule that forced agencies to use a single technology product to meet all the financial management system requirements. Instead, Burwell said the appendix "emphasizes the deployment of newer, cost-effective technology through shared service approaches."
OMB mandated in March agencies move to shared services for their financial systems when they are ready to upgrade.
The appendix specifically addresses how FFMIA applies to shared services providers and agency customers.
"For agencies that use shared service organizations, the service organizations are required to provide customer agencies with a report on controls at a service organization relevant to user entities' internal control over financial reporting (also known as a SOC 1)," OMB wrote. "The SOC 1 is an important tool for agency management and auditors as they evaluate the effect of the controls at the service organization on the user entities' controls for financial reporting. Agency and auditor testing of a service provider's controls could take the form of input/output controls, performance monitoring or process controls."
More broadly, OMB said agency compliance should focus on reducing and managing risk based on its goals around financial management.
"An agency does not have to be at low risk for each compliance indicator to be in compliance with FFMIA," the appendix stated. "Still, lower risk should decrease the likelihood that an agency is not in compliance, while higher risk should increase the likelihood that an agency is not in compliance."
OMB also issued an A-123 Compliance Framework that breaks down the necessary steps agencies need to take into three buckets:
- Financial management goals, which include financial information management
- Compliance indicators, which includes internal control reviews, audit results
and cybersecurity reviews.
- Section 803(a) requirements, which includes accounting standards, system requirements and standard general ledge rules.
"The FFMIA Compliance Determination Framework goals and compliance indicators are intended to be used during the ongoing operation of federal financial management systems," OMB wrote. "Agency heads should use the goals and compliance indicators to assist in determining FFMIA compliance. If a goal is not met, then the agency head should evaluate the associated financial management system requirements and the effectiveness of related internal controls to help identify the root cause(s) of failure to meet the goal."
OMB said Appendix D goes into effect Oct. 1.